> How to catch brute foce smtp auth attempts only? (== bad login or > password provided)
https://github.com/Exim/exim/wiki/BlockCracking > Condition like: > > ${if eq{$authentication_failed}{1}} > > doesn't work because it also catches cases where client cancelled smtp > auth attempt (rfc2554 and "*"). Doesn't happen in real life. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/